Lucene search
Veracode Vulnerability DatabaseVERACODE:6860HistoryJun 27, 2018 - 7:34 a.m.
Denial Of Service (DoS)
2018-06-2707:34:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.318 Low
EPSS
Percentile
97.0%
libtiff.so is susceptible to denial of service (DoS) attack. The attack is possible when an attacker send a malicious TIFF file to the cpSeparateBufToContigBuf function in tiffcp.c to cause a heap-based buffer overflow.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libtiff.so | le | 5.2.0 | |
| libtiff | eq | 4.0.9__13.el8 | |
| libtiff | le | 4.0.6.2 |
References
bugzilla.maptools.org/show_bug.cgi?id=2798
access.redhat.com/errata/RHSA-2019:2053
access.redhat.com/errata/RHSA-2019:3419
github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900
lists.debian.org/debian-lts-announce/2019/11/msg00027.html
usn.ubuntu.com/3906-1/
usn.ubuntu.com/3906-2/
www.debian.org/security/2020/dsa-4670
Related
osv
osv
CVE-2018-12900
2018-06-26 22:29:00
CVE-2019-7663
2019-02-09 16:29:00
tiff - security update
2019-11-26 00:00:00
nvd
nvd
CVE-2018-12900
2018-06-26 22:29:00
CVE-2019-7663
2019-02-09 16:29:00
cve
cve
CVE-2018-12900
2018-06-26 22:29:00
CVE-2019-7663
2019-02-09 16:29:00
oraclelinux
oraclelinux
libtiff security update
2019-11-14 00:00:00
libtiff security update
2019-08-13 00:00:00
nessus
nessus
RHEL 8 : libtiff (RHSA-2019:3419)
2019-11-06 00:00:00
Oracle Linux 8 : libtiff (ELSA-2019-3419)
2023-09-07 00:00:00
CentOS 8 : libtiff (CESA-2019:3419)
2021-01-29 00:00:00
debiancve
debiancve
CVE-2018-12900
2018-06-26 22:29:00
CVE-2019-7663
2019-02-09 16:29:00
alpinelinux
alpinelinux
CVE-2018-12900
2018-06-26 22:29:00
ubuntucve
ubuntucve
CVE-2018-12900
2018-06-26 00:00:00
CVE-2019-7663
2019-02-09 00:00:00
redhat
redhat
(RHSA-2019:3419) Moderate: libtiff security update
2019-11-05 17:43:50
(RHSA-2019:2053) Moderate: libtiff security update
2019-08-06 07:56:00
redhatcve
redhatcve
CVE-2018-12900
2020-01-11 09:33:27
CVE-2019-7663
2019-02-15 07:49:43
prion
prion
Heap overflow
2018-06-26 22:29:00
Code injection
2019-02-09 16:29:00
cvelist
cvelist
CVE-2018-12900
2018-06-26 22:00:00
CVE-2019-7663
2019-02-09 16:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0101)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3911-2)
2021-04-19 00:00:00
openSUSE: Security Advisory for tiff (openSUSE-SU-2018:3948-1)
2018-12-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.1.0-alt1
2019-11-14 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2019-02-22 03:35:50
Updated libtiff packages fix security vulnerabilities
2018-12-30 02:24:32
suse
suse
Security update for tiff (moderate)
2018-11-30 00:10:39
Security update for tiff (moderate)
2018-11-30 00:09:39
debian
debian
[SECURITY] [DLA 2009-1] tiff security update
2019-11-26 21:24:54
[SECURITY] [DSA 4670-1] tiff security update
2020-04-29 21:12:38
[SECURITY] [DSA 4670-1] tiff security update
2020-04-29 21:12:38
ubuntu
ubuntu
LibTIFF vulnerabilities
2019-03-12 00:00:00
LibTIFF vulnerabilities
2019-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-3906-1: LibTIFF vulnerabilities | Cloud Foundry
2019-03-21 00:00:00
photon
photon
centos
centos
libtiff security update
2019-08-30 03:31:24
f5
f5
ibm
ibm
amazon
amazon
Medium: libtiff
2019-10-21 18:01:00
Medium: libtiff
2019-10-08 21:06:00